Citrix Application Delivery Management service

Release Notes for Citrix ADM service November 09, 2021 Release

This release notes document describes the enhancements and changes, fixed and known issues that exist for the Citrix ADM service release Build November 09, 2021.

Notes

This release notes document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.

What’s New

The enhancements and changes that are available in Build November 09, 2021.

Security

Support for identification and remediation of CVE-2021-22955 and CVE-2021-22956

Citrix ADM security advisory now supports identification and remediation of two new CVEs: CVE-2021-22955 and CVE-2021-22956.

Identification of CVE-2021-22955 requires a version scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix. Identification of CVE-2021-22956 requires a custom scan, and remediation requires a two-step process:

  1. Upgrade the vulnerable ADC instance to a release and build that has the fix.

  2. Apply configuration jobs.

For more information about how to remediate CVE-2021-22955, see Security Advisory.

For more information about how to identify and remediate CVE-2021-22956, see Identify and remediate vulnerabilities for CVE-2021-22956.

Note

  • It might take some time for security advisory system scan to conclude and reflect the impact of CVE-2021-22955 and CVE-2021-22956 in the security advisory module. To see the impact sooner, start an on-demand scan by clicking Scan-Now.

  • Refer to the known issue NSADM-80913.

[NSADM-76470]

Analytics

IPv6 support in Bot insight

When you drill down an application under Bot in Security > Security Violations > Application Overview, the Logs now display the IPv6 address for the Client IP and Bot True Client IP.

IPv6 support in Bot insight

[NSADM-77376]

StyleBooks

StyleBooks support new built-in functions

Citrix ADM StyleBooks now support the following built-in functions:

  • sha256() - Use this function to compute the SHA-256 hash for any string. This function accepts a string input of any length and returns a hash string of fixed length (64 characters). For more information, see Built-in functions.

  • relate() - Use this function to form a dictionary object from a set of lists. It accepts two arguments. The first argument is a list of key names for the dictionary object. The second argument is a list of lists, where each list contains the values to the corresponding key name in the list of the first argument. For more information, see Built-in functions.

[NSADM-77225]

Known issue

In Security Advisory, some CVEs need a two-step remediation (upgrading the instance and running a config job). For CVE CVE-2021-22956, you can run the appropriate configuration job on multiple affected ADC instances in one go.

If you have selected multiple ADC instances in ADM service security advisory and proceeded to configuration job workflow for CVE-2021-22956, you have two options in step 3 of the workflow (Specify variable value). You can enter a common value for the variable or enter different values for different ADC instances for the variable.

If you want to specify different values for parameter max_client across the multiple selected ADC instances, you must use the “Upload input file for variable values” option. This option has an issue. If you have selected multiple ADC instances and the “Upload input file for variable values” option, the downloaded input key file shows only one ADC instance under the instances column in the file.

Workaround: Go back to the step 2 (Select Instances) in the configuration job workflow. Next, remove the selected ADC instances and manually add them back by using the Add Instances option and proceed with the workflow.

[NSADM-80913]

Release Notes for Citrix ADM service November 09, 2021 Release